In addition to these focused types of security policies, there are three overall categories of security policies: regulatory, advisory, and informative. A regulatory policy is required whenever industry or legal standards are applicable to your organization. This policy discusses the regulations that must be followed and outlines the procedures that should be used to elicit compliance. An advisory policy discusses behaviors and activities that are acceptable and defines consequences of violations. It explains senior management’s desires for security and compliance within an organization. Most policies are advisory. An informative policy is designed to provide information or knowledge about a specific subject, such as company goa...
- Chapter 1 Security Governance Through Principles and Policies
- from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition
- Publisher: Sybex
- Released: September 2015
Security Policy categories